Feeds

PHP apps plagued by Mark of the Beast bug

Death by decimal places

Beginner's guide to SSL certificates

Web developers are in a lather following the discovery of a bug in the PHP programming language that causes computers to freeze when they process certain numerical values with large numbers of decimal places.

The error in the way floating-point and double-precision numbers are handled sends 32-bit systems running Linux, Windows, and FreeBSD into an infinite loop that consumes 100 percent of their CPU's resources. Developers are still investigating, but they say the bug appears to affect versions 5.2 and 5.3 of PHP. They say it could be trivially exploited on many websites to cause them to crash by adding long numbers to certain URLs.

“Since PHP drives everything from WordPress to Wikipedia, there could be a ton of vulnerable sites,” H D Moore, CSO of Rapid7 and chief architect of the Metasploit project, told The Reg. “The use case for this would be to quickly kill any web server hosting a vulnerable PHP instance and application.”

The bug, which first came to light on the Exploring Binary blog, is triggered when PHP apps process statements such as:

<?php $d = 2.2250738585072011e-308; ?>

The crash is also triggered when the number is expressed without scientific notation, with 324 decimal places. As author Rick Regan notes, the value is the largest subnormal double-precision floating-point number. It's still not clear exactly what causes the crash, but participants on this Hacker News forum speculate it has something to do with the way 32-bit x86 processors calculate long values with a large number of decimals.

As a user named Pomax explains:

This is the nature of floating point numbers: they're not exactually [sic] "exact" at all. Converting a fixed fraction decimal number into a floating point means turning an exact number into its best approximation. In order to get the approximation as close as possible to the original number, a floating point conversion algorithm will perform several runs until the error between the original number and the floating point representation is smaller than some very small value. This leads to problems when either the error can't get smaller than the required precision, or when the error doesn't decrease per iteration. In both cases an algorithm that doesn't have error detection will be stuck in an infinite loop.

The user went on to say that the problem happens with values passed through the GET protocol, making it possible for people to trigger crashes by adding parameters to URLs that contain the number, a la “/store.php?cat=22250738585072011.”

PHP maintainers have yet to weigh in on the report. In the meantime, possible workarounds include adding a “-ffloat-store” flag to CFLAGS or stopping the execution of decimal versions of numbers that are passed as a parameter. ®

Intelligent flash storage arrays

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Getting ahead of the compliance curve
Learn about new services that make it easy to discover and manage certificates across the enterprise and how to get ahead of the compliance curve.